SFT-2325: replaced sign with hash in github action #1551
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: © 2021 Foundation Devices, Inc. <hello@foundationdevices.com> | ||
| # SPDX-License-Identifier: GPL-3.0-or-later | ||
| # | ||
| # validate_and_build.yaml - GitHub actions for Passport | ||
| name: Validate and Build | ||
| on: [push] | ||
| jobs: | ||
| lint: | ||
| name: Lint | ||
| runs-on: ubuntu-20.04 | ||
| services: | ||
| registry: | ||
| image: registry:2 | ||
| ports: | ||
| - 5000:5000 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: docker/setup-buildx-action@v2 | ||
| with: | ||
| driver-opts: network=host | ||
| - uses: docker/build-push-action@v4 | ||
| with: | ||
| push: true | ||
| context: . | ||
| cache-from: type=gha | ||
| cache-to: type=gha | ||
| tags: localhost:5000/foundation-devices/passport2:latest | ||
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d | ||
| - run: echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | ||
| - name: Lint the codebase | ||
| run: just lint | ||
| build-firmware: | ||
| name: Build Firmware | ||
| runs-on: ubuntu-20.04 | ||
| needs: [lint] | ||
| strategy: | ||
| matrix: | ||
| build: | ||
| [ | ||
| { screen: 'mono', suffix: '-founders-passport', hash_suffix: '-founders'}, | ||
| { screen: 'color', suffix: '-passport', hash_suffix: ''}, | ||
| ] | ||
| services: | ||
| registry: | ||
| image: registry:2 | ||
| ports: | ||
| - 5000:5000 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: docker/setup-buildx-action@v2 | ||
| with: | ||
| driver-opts: network=host | ||
| - uses: docker/build-push-action@v4 | ||
| with: | ||
| push: true | ||
| context: . | ||
| cache-from: type=gha | ||
| cache-to: type=gha | ||
| tags: localhost:5000/foundation-devices/passport2:latest | ||
| - uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb | ||
| - run: | | ||
| echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | ||
| echo "SCREEN_MODE=$(echo "${{ matrix.build.screen }}" | tr a-z A-Z)" >> $GITHUB_ENV | ||
| - name: Build | ||
| run: | | ||
| echo "$SIGNING_KEY" > ports/stm32/signing_key.pem | ||
| version=$(cat version.txt) | ||
| echo "version=$(cat version.txt)" >> $GITHUB_ENV | ||
| # just sign signing_key.pem "${version}" ${{ matrix.build.screen }} | ||
| just hash signing_key.pem "${version}" ports/stm32/build-Passport/v${version}-beta${{ matrix.build.suffix }}.bin ${{ matrix.build.screen}} | ||
| env: | ||
| SIGNING_KEY: ${{ secrets.UserSigningKey }} | ||
| - name: Upload firmware (unsigned) | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: v${{env.version}}-unsigned${{ matrix.build.suffix }}.bin | ||
| path: ports/stm32/build-Passport/firmware-${{ env.SCREEN_MODE }}.bin | ||
| - name: Upload firmware (signed) | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: v${{env.version}}-beta${{ matrix.build.suffix }}.bin | ||
| path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.suffix }}.bin | ||
| - name: Upload MD5 Hash | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: v${{env.version}}${{ matrix.build.hash_suffix }}-md5 | ||
| path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-md5 | ||
| - name: Upload Build Hash | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: v${{env.version}}${{ matrix.build.hash_suffix }}-build-hash | ||
| path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-build-hash | ||
| - name: Upload SHA256 Hash | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: v${{env.version}}${{ matrix.build.hash_suffix }}-sha256 | ||
| path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-sha256 | ||
| - name: Upload Hashes Markdown | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: v${{env.version}}${{ matrix.build.hash_suffix }}-hashes.md | ||
| path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-hashes.md | ||
| build-bootloader: | ||
| name: Build Bootloader | ||
| runs-on: ubuntu-20.04 | ||
| needs: [lint, build-firmware] | ||
| # TODO: PASS1-665. | ||
| strategy: | ||
| matrix: | ||
| screen: ['color'] | ||
| services: | ||
| registry: | ||
| image: registry:2 | ||
| ports: | ||
| - 5000:5000 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: docker/setup-buildx-action@v2 | ||
| with: | ||
| driver-opts: network=host | ||
| - uses: docker/build-push-action@v4 | ||
| with: | ||
| push: true | ||
| context: . | ||
| cache-from: type=gha | ||
| cache-to: type=gha | ||
| tags: localhost:5000/foundation-devices/passport2:latest | ||
| - uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb | ||
| - run: | | ||
| echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | ||
| echo "SCREEN_MODE=$(echo ${{ matrix.screen }} | tr a-z A-Z)" >> $GITHUB_ENV | ||
| - name: Build | ||
| run: just build-bootloader ${{ matrix.screen }} | ||
| - name: Upload bootloader | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: bootloader-${{ env.SCREEN_MODE }}.bin | ||
| path: ports/stm32/boards/Passport/bootloader/arm/release/bootloader-${{ env.SCREEN_MODE }}.bin | ||
| build-simulator: | ||
| name: Build Simulator | ||
| runs-on: ubuntu-20.04 | ||
| needs: [lint, build-firmware] | ||
| strategy: | ||
| matrix: | ||
| screen: ['mono', 'color'] | ||
| services: | ||
| registry: | ||
| image: registry:2 | ||
| ports: | ||
| - 5000:5000 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: docker/setup-buildx-action@v2 | ||
| with: | ||
| driver-opts: network=host | ||
| - uses: docker/build-push-action@v4 | ||
| with: | ||
| push: true | ||
| context: . | ||
| cache-from: type=gha | ||
| cache-to: type=gha | ||
| tags: localhost:5000/foundation-devices/passport2:latest | ||
| - uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb | ||
| - run: echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | ||
| - name: Build | ||
| run: just build-simulator ${{ matrix.screen }} | ||
| build-tools: | ||
| name: Build Tools | ||
| runs-on: ubuntu-20.04 | ||
| needs: [lint] | ||
| services: | ||
| registry: | ||
| image: registry:2 | ||
| ports: | ||
| - 5000:5000 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: docker/setup-buildx-action@v2 | ||
| with: | ||
| driver-opts: network=host | ||
| - uses: docker/build-push-action@v4 | ||
| with: | ||
| push: true | ||
| context: . | ||
| cache-from: type=gha | ||
| cache-to: type=gha | ||
| tags: localhost:5000/foundation-devices/passport2:latest | ||
| - uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb | ||
| - run: echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | ||
| - name: Build | ||
| run: just tools | ||
